Bug 1733505 - Non admin user can not query API /katello/api/capsules/:id
Summary: Non admin user can not query API /katello/api/capsules/:id
Keywords:
Status: NEW
Alias: None
Product: Red Hat Satellite 6
Classification: Red Hat
Component: Users & Roles
Version: 6.4.0
Hardware: All
OS: All
Priority: unspecified
Severity: low
Target Milestone: Unspecified
Assignee: satellite6-bugs
QA Contact: Radovan Drazny
URL:
Whiteboard:
Depends On:
Blocks:
 
Reported: 2019-07-26 10:02 UTC by roarora
Modified: 2019-12-12 20:08 UTC
CC: 4 users

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:
Target Upstream Version:



Description roarora 2019-07-26 10:02:34 UTC
Description of problem:

If a non-admin user calls GET on satellite.example.com/katello/api/capsules/1, it fails with the response:
"message": "Resource smart_proxy not found by id '1'"

The non-admin user has the "view_smart_proxies" permission assigned. Even if all available permissions are assigned to the user, the error response is the same.

The user is able to query information for all capsules, i.e. GET on /katello/api/capsules/, but not for a particular ID, /katello/api/capsules/:id.

The API /katello/api/capsules/:id is called by the bootstrap.py script with the --new-capsule switch, so bootstrap.py cannot be run as a non-admin user.

Version-Release number of selected component (if applicable):
6.4
6.5

How reproducible:
Always

Steps to Reproduce:
1. Create a user role and assign all available permissions to it. Create a user and assign the role to the user. The user should be non-admin.
2. Run the following API call as the above user; it fails:
# curl -u user:password https://satellite.example.com/katello/api/capsules/1

Actual results:
API fails with the response "message": "Resource smart_proxy not found by id '1'"

Expected results:
A non-admin user should be able to call that API with the appropriate permissions assigned.
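The reproduce steps above, automated as an added example (not part of the bug report, of Satellite, or of bootstrap.py): list the capsules the user can see through the collection endpoint, then fetch each by id and classify the member response. The symptom reported here is a capsule that appears in the collection but whose member lookup answers "Resource smart_proxy not found by id", so the script labels that case separately from a plain 404 and from a 403. Assumptions not taken from the page: the SATELLITE_URL, SATELLITE_USER, SATELLITE_PASSWORD and SATELLITE_INSECURE environment variables, that the Katello collection response carries its list under "results", and that Foreman errors render as {"error": {"message": ...}}. Without SATELLITE_URL set it runs against constructed responses embedded in the script.

```python
# Added example; not Satellite's or bootstrap.py's own code.
# Assumptions: Katello collection JSON has a "results" list; Foreman errors
# render as {"error": {"message": ...}}; env vars SATELLITE_URL/USER/PASSWORD.
import json
import os
import re
import ssl
import sys
import urllib.error
import urllib.request
from base64 import b64encode
from typing import Callable, Dict, List, Tuple

Fetch = Callable[[str], Tuple[int, str]]

# Message quoted in the bug report; the id at the end varies.
NOT_FOUND_RE = re.compile(r"Resource smart_proxy not found by id")


def http_get(url: str, user: str, password: str, verify_tls: bool = True) -> Tuple[int, str]:
    """GET `url` with HTTP Basic auth (what `curl -u` sends); return (status, body).
    HTTP errors are returned rather than raised so the caller can classify them."""
    token = b64encode(f"{user}:{password}".encode()).decode()
    req = urllib.request.Request(url, headers={"Accept": "application/json",
                                               "Authorization": "Basic " + token})
    ctx = ssl.create_default_context()
    if not verify_tls:  # only for lab instances with a self-signed certificate
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    try:
        with urllib.request.urlopen(req, context=ctx, timeout=30) as resp:
            return resp.status, resp.read().decode()
    except urllib.error.HTTPError as e:
        return e.code, e.read().decode()


def _error_message(body: str) -> str:
    """Extract the human-readable message from a Foreman/Katello error body.
    Foreman renders {"error": {"message": ...}}, Katello {"displayMessage": ...};
    fall back to the raw body so a plain-text response still matches."""
    try:
        doc = json.loads(body)
    except ValueError:
        return body
    if isinstance(doc, dict):
        err = doc.get("error")
        if isinstance(err, dict) and "message" in err:
            return str(err["message"])
        for key in ("message", "displayMessage"):
            if key in doc:
                return str(doc[key])
    return body


def classify(status: int, body: str) -> str:
    """Map one member response to a label; 'scoped_not_found' is this bug's symptom."""
    if status == 200:
        return "ok"
    if status == 401:
        return "unauthenticated"
    if status == 403:
        return "forbidden"
    if status == 404:
        return "scoped_not_found" if NOT_FOUND_RE.search(_error_message(body)) else "not_found"
    return f"http_{status}"


def check_capsules(fetch: Fetch, base_url: str) -> Dict[int, str]:
    """Collection endpoint first, then each member by id; returns {capsule_id: label}."""
    status, body = fetch(f"{base_url}/katello/api/capsules/")
    if status != 200:
        raise RuntimeError(f"collection request failed: {classify(status, body)}")
    ids = [int(c["id"]) for c in json.loads(body)["results"]]
    return {cid: classify(*fetch(f"{base_url}/katello/api/capsules/{cid}")) for cid in ids}


def symptom_ids(results: Dict[int, str]) -> List[int]:
    """Ids visible in the collection whose member lookup shows the reported error."""
    return sorted(cid for cid, label in results.items() if label == "scoped_not_found")


# Constructed responses mirroring the report: two capsules listed, id 1 fails by id.
CONSTRUCTED = {
    "https://satellite.example.com/katello/api/capsules/": (200, json.dumps({
        "total": 2, "results": [{"id": 1, "name": "satellite.example.com"},
                                {"id": 2, "name": "capsule.example.com"}]})),
    "https://satellite.example.com/katello/api/capsules/1": (404, json.dumps({
        "error": {"message": "Resource smart_proxy not found by id '1'"}})),
    "https://satellite.example.com/katello/api/capsules/2": (200, json.dumps({
        "id": 2, "name": "capsule.example.com"})),
}


def fake_fetch(url: str) -> Tuple[int, str]:
    """Offline stand-in for http_get, serving the constructed responses above."""
    return CONSTRUCTED.get(url, (404, json.dumps({"error": {"message": "Not found"}})))


if __name__ == "__main__":
    base = os.environ.get("SATELLITE_URL")
    if base:
        user, pw = os.environ["SATELLITE_USER"], os.environ["SATELLITE_PASSWORD"]
        insecure = os.environ.get("SATELLITE_INSECURE") == "1"
        fetch: Fetch = lambda url: http_get(url, user, pw, verify_tls=not insecure)
    else:
        base, fetch = "https://satellite.example.com", fake_fetch
    results = check_capsules(fetch, base.rstrip("/"))
    for cid, label in sorted(results.items()):
        print(f"capsule {cid}: {label}")
    sys.exit(1 if symptom_ids(results) else 0)
```

Run it as the non-admin user from step 1 against a real instance (SATELLITE_URL, SATELLITE_USER, SATELLITE_PASSWORD set) and it exits non-zero while any listed capsule still answers "not found by id"; the same invocation as an admin user, or after a fix, should exit zero. Because the collection and member calls use identical credentials, a mismatch between the two isolates the member lookup rather than authentication or the user's taxonomy assignment.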

Comment 4 Marek Hulan 2019-11-21 11:13:02 UTC
Is the user assigned to the same organization and location as the capsule? Does the user have permission to view_organizations and view_locations (potentially limited to only these)?

Comment 5 Joshua Hanley 2019-12-12 20:08:37 UTC
Marek: Yes, the user was already assigned to the same organization and location as the capsule, and the user's role already had the view_organizations and view_locations permissions.

